有没有人能让我知道或澄清我的疑问,在项目中工作时,密钥存储应该放在哪里?
我知道java是在security/cancerts中维护密钥存储&巨蟹座是可靠的。在密钥仓库中,他们已经为秘密密钥提供了键值对。
现在我想存储我的自定义密钥存储库(在该密钥存储库中包含密钥与键值对),那么我要在哪里存储呢?
它是在项目本身与。keystore文件,像一些其他。properties文件??或者其他地方??
是否需要为该密钥仓库分配证书?我该如何务实??
下面的是测试中生成的代码。项目本身的密钥库…
public static void main(String[] args) throws Exception {
String fileWithKeyStore = "test.keystore";
KeyStore keyStore = JKSTest.createKeyStore(fileWithKeyStore, "pwdForKeyStoreFile");
storeKeyInKeyStore(keyStore, fileWithKeyStore);
// retriveKeyFromKeyStore(keyStore);
}
public static void storeKeyInKeyStore(KeyStore keyStore, String fileWithKeyStore) throws Exception {
System.out.println(keyStore.getType()); // JCEKS
/** Storing in key value format like map but with password */
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); // JWT-Key
keyStore.setEntry("map_key", new KeyStore.SecretKeyEntry(secretKey),
new PasswordProtection("pwdForMapEntry".toCharArray()));
keyStore.store(new FileOutputStream(fileWithKeyStore), "pwdForStoringFile".toCharArray());
System.out.println("Stored Key:t" + secretKey);
}
public static void retriveKeyFromKeyStore(KeyStore keyStore)
throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {
KeyStore.Entry entry = keyStore.getEntry("map_key", new PasswordProtection("pwdForMapEntry".toCharArray()));
SecretKey keyFound = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
System.out.println("Found Key:t" + keyFound);
}
public static KeyStore createKeyStore(String fileName, String pw) throws Exception {
File file = new File(fileName);
final KeyStore keyStore = KeyStore.getInstance("JCEKS");
if (file.exists()) {
// .keystore file already exists => load it
keyStore.load(new FileInputStream(file), pw.toCharArray());
System.out.println("Existing .keystore file loaded!"+file.getAbsolutePath());
} else {
// .keystore file not created yet => create it
keyStore.load(null, null);
keyStore.store(new FileOutputStream(fileName), pw.toCharArray());
System.out.println("New .keystore file created!");
}
return keyStore;
}
具体来说,您正在寻找存储私钥或密钥存储库的位置吗?
无论哪种情况,存储它们的最佳位置都应该是您的主文件夹(私钥默认创建在~/中)。Ssh/on *nix系统)。私钥/密钥存储库必须具有限制性权限,以便只有您(存储库的所有者)具有对它的读访问权限(在*nix系统上,这应该转换为权限0400)。